We access our bank accounts daily via the Public Internet, so connecting IoT devices to the network is not the real issue.
IoT devices are exposed when they accept incoming connections “from the Internet”. Sending telemetry data from devices to the backend system over the Public Internet is a totally valid approach, provided that:
- Devices are the active participants of communication.
- We establish mutual authentication between devices and the backend endpoint.
- Transmission is encrypted.
If an IoT device drops any incoming request (as it should), connecting it to the Internet does not introduce any risk.